subject:"\[Zope\] Security and Acquisition"

Re: [Zope] Security and Acquisition

2000-11-09 Thread Charlie Wilkinson


> [Charlie Wilkinson]
> 
> | Greetings,
> 
> Hola!
> 
> | Now, referring to figure 1 (above :-), changes to security settings
> | for the acl_test folder are having no effect on access to index_html.
> | Only when I change the security settings on index_html itself, can I
> | control access to it.
> 
> Can it have something to do with acquirement of permission settings?
> (The leftmost column on the security tab).

Hi Morten,
Yes.  It's acting as if those little boxes were not checked! :)  As I was
replying to Jeff in a prior message, the mystery goes deeper.  I grabbed a
fresh copy of the latest CVS version, built it, set a superuser password
and ran it.  I then tried to visit the default index_html "Welcome to
Zope" page and was presented with a BASICAUTH type login box.  If I
explicitly set anonymous View permissions for the index_html (Welcome
to Zope) page, then I get in with no login as expected.  That isn't
normal is it?  Root folder objects would appear to be having the same
security setting acquisition problems as I was finding previously with
sub-folders and LoginManager.

I realize I'm on the bleeding edge of Zope running the CVS version,
but I heard the 2.2.3 version is due out RSN and figured maybe a little
"new version" pain now would be easier than upgrade pain later.  I'd sure
rather be saying "Here's a patch" than just "It's broke", but alas I
don't grok Python that well yet.  ("It's broke" still offers *some*
value, right?  :-)

To the Zope developers:  It seems pretty clear that Zope v2.2.cvs is
broken in regards to security settings acquisition.  Should I post to
zope-dev, or is there already a sufficient awareness/understanding of
the problem?

Thanks,
Charlie

-- 
~
Charlie Wilkinson - [EMAIL PROTECTED] - N3HAZ
Parental Unit, UNIX Admin, Homebrewer, Cat Lover, Spam Fighter, HAM, SWLer...
Visit the Radio For Peace International Website: http://www.rfpi.org/
~
CLOBBER INTERNET SPAM:  See!! 
   Join!! 
~
QOTD:
"Bush is a big corporation disguised as a human being running for president."
-- Ralph Nader on David Letterman (9/28/00)

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Security and Acquisition

2000-11-09 Thread Morten W. Petersen


[Charlie Wilkinson]

| Greetings,

Hola!

| Now, referring to figure 1 (above :-), changes to security settings
| for the acl_test folder are having no effect on access to index_html.
| Only when I change the security settings on index_html itself, can I
| control access to it.

Can it have something to do with acquirement of permission settings?
(The leftmost column on the security tab).

HTH.

-Morten

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

[Zope] Security and Acquisition

2000-11-09 Thread Charlie Wilkinson


Greetings,
I know this a very busy list, but I'm hoping someone can take a moment to
address this.  I had posted about this on Zope-dev because I'm running the
CVS version, but no response.  Also more research has yielded more info.
I first discovered this issue with LoginManager, but the same problem
occurs with standard acl_users too.

First, 'Figure 1:'

/ (Root Folder)
/ acl_test (ACL Test Folder)
acl_users (User Folder)
index_html (Test Document)

Now, referring to figure 1 (above :-), changes to security settings
for the acl_test folder are having no effect on access to index_html.
Only when I change the security settings on index_html itself, can I
control access to it.

So what this seemingly boils down to is that as of v2.2.whatever,
an acl_users folder does not protect its siblings and their kids by
acquisition of security settings from the parent folder.  Instead,
sibling objects must have their security explicitly set.  Meaning that
instead of setting permissions on the parent object and being done
with it, one now has to set permissions for each and every sibling.
In my case that's over 50 objects and I'm not done coding yet.  Ouch!
This *can't* be right, can it?

Thanks for any clues,
Charlie

-- 
~
Charlie Wilkinson - [EMAIL PROTECTED] - N3HAZ
Parental Unit, UNIX Admin, Homebrewer, Cat Lover, Spam Fighter, HAM, SWLer...
Visit the Radio For Peace International Website: http://www.rfpi.org/
~
CLOBBER INTERNET SPAM:  See!! 
   Join!! 
~
QOTD:
"Bush is a big corporation disguised as a human being running for president."
-- Ralph Nader on David Letterman (9/28/00)
-- 
~
Charlie Wilkinson - [EMAIL PROTECTED] - N3HAZ
Parental Unit, UNIX Admin, Homebrewer, Cat Lover, Spam Fighter, HAM, SWLer...
Visit the Radio For Peace International Website: http://www.rfpi.org/
~
CLOBBER INTERNET SPAM:  See!! 
   Join!! 
~
QOTD:
"Bush is a big corporation disguised as a human being running for president."
-- Ralph Nader on David Letterman (9/28/00)

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Security and Acquisition

Re: [Zope] Security and Acquisition

[Zope] Security and Acquisition

3 matches

Site Navigation

Mail list logo

Footer information